From e2bf1d5eb11d780db1f9bec6fbc6b614684510dd Mon Sep 17 00:00:00 2001
From: Devin Howard <devin@callysto.com>
Date: Sun, 20 Dec 2015 18:36:57 +0800
Subject: [PATCH 1/4] try to make metamaps more tls friendly

---
 app/assets/javascripts/src/Metamaps.js.erb | 15 +++++++++------
 app/controllers/application_controller.rb  | 10 ++++++++--
 app/views/layouts/_lightboxes.html.erb     | 10 +++++++---
 3 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/app/assets/javascripts/src/Metamaps.js.erb b/app/assets/javascripts/src/Metamaps.js.erb
index 33cb15ef..bcc5dcf0 100644
--- a/app/assets/javascripts/src/Metamaps.js.erb
+++ b/app/assets/javascripts/src/Metamaps.js.erb
@@ -928,8 +928,11 @@ Metamaps.TopicCard = {
             setTimeout(function () {
                 var text = $(element).val();
                 if (event.type=="paste" || (event.type=="keyup" && event.which==13)){
-                    if (text.slice(0, 4) !== 'http') {
-                        text='http://'+text;
+                  // TODO evaluate converting this to '//' no matter what (infer protocol)
+                  if (text.slice(0, 7) !== 'http://' &&
+                      text.slice(0, 8) !== 'https://' && 
+                      text.slice(0, 2) !== '//') {
+                        text='//'+text;
                     }
                     topic.save({
                         link: text
@@ -1897,7 +1900,7 @@ Metamaps.Util = {
         return (url.match(/\.(jpeg|jpg|gif|png)$/) != null);
     },
     checkURLisYoutubeVideo: function (url) {
-        return (url.match(/^http:\/\/(?:www\.)?youtube.com\/watch\?(?=[^?]*v=\w+)(?:[^\s?]+)?$/) != null);
+        return (url.match(/^https?:\/\/(?:www\.)?youtube.com\/watch\?(?=[^?]*v=\w+)(?:[^\s?]+)?$/) != null);
     }
 }; // end Metamaps.Util
 
@@ -1907,9 +1910,9 @@ Metamaps.Util = {
  *
  */
 Metamaps.Realtime = {
-    stringForLocalhost: 'http://localhost:5001',
-    stringForMetamaps: 'http://metamaps.cc:5001',
-    stringForHeroku: 'http://gentle-savannah-1303.herokuapp.com',
+    stringForLocalhost: '//localhost:5001',
+    stringForMetamaps: '//metamaps.cc:5001',
+    stringForHeroku: '//gentle-savannah-1303.herokuapp.com',
     socket: null,
     isOpen: false,
     changing: false,
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 4278637f..de20193a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,7 +11,13 @@ class ApplicationController < ActionController::Base
   helper_method :admin?
   
   def after_sign_in_path_for(resource)
-    sign_in_url = url_for(:action => 'new', :controller => 'sessions', :only_path => false, :protocol => 'http')
+    unsafe_uri = request.env["REQUEST_URI"]
+    if unsafe_uri.starts_with? 'http' && !unsafe_uri.starts_with? 'https'
+      protocol = 'http'
+    else
+      protocol = 'https'
+    end
+    sign_in_url = url_for(:action => 'new', :controller => 'sessions', :only_path => false, :protocol => protocol)
 
     if request.referer == sign_in_url
       super
@@ -60,7 +66,7 @@ private
   def get_invite_link
     unsafe_uri = request.env["REQUEST_URI"]
     valid_url = /^https?:\/\/([\w\.-]+)(:\d{1,5})?\/?$/
-    safe_uri = (unsafe_uri.match(valid_url)) ? unsafe_uri : "http://metamaps.cc/"
+    safe_uri = (unsafe_uri.match(valid_url)) ? unsafe_uri : "//metamaps.cc/"
     @invite_link = "#{safe_uri}join" + (current_user ? "?code=#{current_user.code}" : "")
   end
 end
diff --git a/app/views/layouts/_lightboxes.html.erb b/app/views/layouts/_lightboxes.html.erb
index 46ab2edf..1ea13866 100644
--- a/app/views/layouts/_lightboxes.html.erb
+++ b/app/views/layouts/_lightboxes.html.erb
@@ -46,6 +46,7 @@
             </a>
           </li>
           <li>
+            <% # TODO enable ssl on blog.metamaps.cc %>
             <a id="lightbox_blog" href="http://blog.metamaps.cc" target="_blank">
               <div class="lightboxAboutIcon"></div>
               blog
@@ -58,7 +59,8 @@
             </a>
           </li>
           <li>
-            <a id="lightbox_term" data-bypass="true" href="http://metamaps.cc/maps/331" target="_blank">
+            <% # TODO switch to https:// once we're confident %>
+            <a id="lightbox_term" data-bypass="true" href="//metamaps.cc/maps/331" target="_blank">
               <div class="lightboxAboutIcon"></div>
               terms
             </a>
@@ -115,7 +117,7 @@
             <li>Google Plus <a href="https://plus.google.com/communities/115060009262157699234" target="_blank">*</a></li>
             <li>Hackpad <a href="http://metamaps.hackpad.com/" target="_blank">*</a></li>
             <li>Loomio <a href="https://www.loomio.org/g/bu3L1tIW/topos-ffo" target="_blank">*</a></li>
-            <li>Twitter <a href="http://twitter.com/metamapps" target="_blank">*</a></li>
+            <li>Twitter <a href="https://twitter.com/metamapps" target="_blank">*</a></li>
             <li>Hipchat</li>
             <li>Google Hangouts</li>
             <li>Vimeo </li>
@@ -152,6 +154,7 @@
         <a id="chromeIcon" href="https://www.google.com/chrome/browser/" target="_blank">Chrome</a>
         <a id="fireFoxIcon" href="https://www.mozilla.org/en-US/firefox/new/" target="_blank">Firefox</a>
         <a id="safariIcon" href="http://support.apple.com/downloads/#safari" target="_blank">Safari</a>
+        <% # TODO https for blog.metamaps.cc %>
         <p id="noIEbody">While it's downloading, explore our <a href="http://blog.metamaps.cc/">blog</a>,<br> watch the <a href="http://vimeo.com/88334167">tutorials</a>, or visit our <a href="http://support.metamaps.cc/">knowledge base</a>!
 
       </div>
@@ -200,13 +203,14 @@
         
         <p>Want to help with design, code, community building, or communications for Metamaps? We're an open value network, which for us means we want to invite and empower peers to participate in creating value together.
 
+        <% # TODO change this link to https once it works %>
         <p>To be a <b>USER</b>, request an invite! We'll expect you to abide by our <a href="http://metamaps.cc/maps/331" target="_blank">terms of service</a>.</p>
         
         <p>To be a <b>CONTRIBUTOR</b>, simply <a href="https://docs.google.com/document/d/1z8FsSmYkHbLRLOsXc8i8M5ubKky8_WB2E9bLBoXJapU" target="_blank">enter our spaces</a> and join the conversation! We'll expect you to follow some guidelines.</p>
         
         <p><b>MEMBERS</b> are contributors who act as stewards and guardians of the collective and are responsible for maintaining our culture and purpose. We're working on a set of agreements to formalize what it means to be a member.</p>
 
-        <p>We welcome people of all skillsets to create value within our network. There's open possibilities for designers, researchers, academics, strategists, and facilitators to contribute. If you're a developer, help us advance the code and take a look around our <a href="http://github.com/metamaps/metamaps_gen002" target="_blank">Github</a>.</p>
+        <p>We welcome people of all skillsets to create value within our network. There's open possibilities for designers, researchers, academics, strategists, and facilitators to contribute. If you're a developer, help us advance the code and take a look around our <a href="https://github.com/metamaps/metamaps_gen002" target="_blank">Github</a>.</p>
 
         <p>Thanks for your interest in helping out with Metamaps! Hopefully this gets you pointed in the right direction to get involved. The next step is to read the links on this page and then contribute! </p>
 

From f35d4d51a974933cb9123f8074ce8ca3f2b19e4b Mon Sep 17 00:00:00 2001
From: Devin Howard <devin@callysto.com>
Date: Sun, 20 Dec 2015 20:19:09 +0800
Subject: [PATCH 2/4] s3 over https by default

---
 config/environments/development.rb | 13 +++++++------
 config/environments/production.rb  | 11 ++++++-----
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/config/environments/development.rb b/config/environments/development.rb
index cd440097..6aacdb20 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -15,12 +15,13 @@ Metamaps::Application.configure do
   
   # S3 file storage
   config.paperclip_defaults = {
-    :storage => :s3,
-    :s3_credentials => {
-      :bucket => ENV['S3_BUCKET_NAME'],
-      :access_key_id => ENV['AWS_ACCESS_KEY_ID'],
-      :secret_access_key => ENV['AWS_SECRET_ACCESS_KEY']
-    }
+    storage: :s3,
+    :s3_credentials: {
+      bucket: ENV['S3_BUCKET_NAME'],
+      access_key_id: ENV['AWS_ACCESS_KEY_ID'],
+      secret_access_key: ENV['AWS_SECRET_ACCESS_KEY']
+    },
+    s3_protocol: 'https'
   }
     
   config.action_mailer.delivery_method = :smtp
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 192f631d..55220ee3 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -24,11 +24,12 @@ Metamaps::Application.configure do
   # S3 file storage
   config.paperclip_defaults = {
     :storage => :s3,
-    :s3_credentials => {
-      :bucket => ENV['S3_BUCKET_NAME'],
-      :access_key_id => ENV['AWS_ACCESS_KEY_ID'],
-      :secret_access_key => ENV['AWS_SECRET_ACCESS_KEY']
-    }
+    s3_credentials: {
+      bucket: ENV['S3_BUCKET_NAME'],
+      access_key_id: ENV['AWS_ACCESS_KEY_ID'],
+      secret_access_key: ENV['AWS_SECRET_ACCESS_KEY']
+    },
+    s3_protocol: 'https'
   }
   
   config.action_mailer.delivery_method = :smtp

From d33f4bffb1d9e00f9ceae2658dfe09923d6c1921 Mon Sep 17 00:00:00 2001
From: Devin Howard <devin@callysto.com>
Date: Sun, 20 Dec 2015 20:19:24 +0800
Subject: [PATCH 3/4] typekit https

---
 app/views/layouts/application.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 9911466a..5dfaaa6f 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -16,7 +16,7 @@
   <%= javascript_include_tag "application" %>
 
   <!-- typekit for vinyl font -->
-  <script type="text/javascript" src="//use.typekit.net/tki2nyo.js"></script>
+  <script type="text/javascript" src="https://use.typekit.net/tki2nyo.js"></script>
   <script type="text/javascript">try{Typekit.load();}catch(e){}</script>
 
         <!-- app code -->

From 603b9dc52e8ee39c9815aefc142655245ca3d6a1 Mon Sep 17 00:00:00 2001
From: Devin Howard <devin@callysto.com>
Date: Mon, 21 Dec 2015 10:16:51 +0800
Subject: [PATCH 4/4] remove uservoice code

---
 app/views/layouts/application.html.erb | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 5dfaaa6f..bf351870 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -138,19 +138,8 @@
     Metamaps.Loading.loader.setDensity(41); // default is 40
     Metamaps.Loading.loader.setRange(0.9); // default is 1.3
     Metamaps.Loading.loader.show(); // Hidden by default
-
-    // set up uservoice with signed in user
-    <% if authenticated? && ENV['SSO_KEY'] %>
-        USERVOICE.load(Metamaps.Active.Mapper.name, Metamaps.Active.Mapper.id, "<%= user.email %>", "<%= current_sso_token %>");
-    <% else %>
-        USERVOICE.load();
-    <% end %>
 </script>
 
-<% if !authenticated? %>
-  <iframe width="1" height="1" src="http://support.metamaps.cc/logout.json"; style="visibility:hidden;"></iframe>
-<% end %>
-
 <%= render :partial => 'layouts/googleanalytics' if Rails.env.production? %>
 </body>
 </html>